General
Target: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad
Size: 4.2MB
Sample: 230810-exrkashg23
MD5: e4448e2f5df5a13e04ce120a3e5707e4
SHA1: 906d2f49e761112d3c4946f0019b4e4a6e22c4f7
SHA256: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad
SHA512: a2301da8b85c381844215e83d936d11a87b0cec35ae6df73482a1fe0925b88b1ea162a307032585b91a71e3a7220ff4fa28b3408760febbff660667c1921e5a1
SSDEEP: 98304:Q+HVb4W8QC49un+EI1VybU3pWW1Yvqr9O3t4fq98lRvIY:Q+HJ8l49O+b6F3+fm8lRAY
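Before acting on this report, confirm that the file you hold is actually the sample it describes. The following is an added example, not part of the sandbox output: it computes the four digests listed above in a single pass over the file and compares them against the report's values. A result where only some algorithms agree is reported separately, because that indicates a transcription error or an inconsistent IOC list rather than a true hit.

```python
"""Check a local file against the hash IOCs listed in this sandbox report.

Added example; the REPORT_IOCS values are copied from the report above, the
function names and the verdict strings are this example's own choices.
"""
import hashlib
import sys

# Digests as listed in the report's General section.
REPORT_IOCS = {
    "md5": "e4448e2f5df5a13e04ce120a3e5707e4",
    "sha1": "906d2f49e761112d3c4946f0019b4e4a6e22c4f7",
    "sha256": "60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad",
    "sha512": (
        "a2301da8b85c381844215e83d936d11a87b0cec35ae6df73482a1fe0925b88b1"
        "ea162a307032585b91a71e3a7220ff4fa28b3408760febbff660667c1921e5a1"
    ),
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks):
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer (handy for tests and small artefacts)."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in 1 MiB chunks; a 4.2 MB sample never sits fully in memory."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def compare_to_report(digests: dict, iocs: dict = REPORT_IOCS):
    """Return (verdict, matched_algorithms).

    'match'    - every algorithm present in the IOC list agrees.
    'no_match' - none agree: this is not the reported sample.
    'partial'  - some agree and some do not: the IOC list is inconsistent
                 (mis-copied hash, wrong column) and must not be trusted as a hit.
    """
    checked = {name for name in ALGOS if name in iocs}
    matched = {
        name for name in checked
        if digests[name].lower() == iocs[name].strip().lower()
    }
    if not matched:
        return "no_match", matched
    if matched == checked:
        return "match", matched
    return "partial", matched


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    verdict, matched = compare_to_report(digest_file(sys.argv[1]))
    print(f"{verdict}: algorithms agreeing with the report = {sorted(matched)}")
```

Run it against the file you intend to detonate or hunt for; anything other than `match` means you are looking at a different artefact (or at a corrupted report) and the behavioural findings below do not necessarily apply to it.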
Static task: static1
Behavioral task: behavioral1
  Sample: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad.exe
  Resource: win10v2004-20230703-en
Malware Config
Targets
Target: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad
Size: 4.2MB
MD5: e4448e2f5df5a13e04ce120a3e5707e4
SHA1: 906d2f49e761112d3c4946f0019b4e4a6e22c4f7
SHA256: 60df4b2fb38fbf4225a15b143b9017b8c226136ad19ea12d91002b284f89cdad
SHA512: a2301da8b85c381844215e83d936d11a87b0cec35ae6df73482a1fe0925b88b1ea162a307032585b91a71e3a7220ff4fa28b3408760febbff660667c1921e5a1
SSDEEP: 98304:Q+HVb4W8QC49un+EI1VybU3pWW1Yvqr9O3t4fq98lRvIY:Q+HJ8l49O+b6F3+fm8lRAY
Score: 10/10
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
Signatures:
- Chinese Botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger